Will Dormann on Nostr: "Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: ...
"Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: CVE-2024-45519
The vulnerable code appends the attacker-provided email address to a command line and then runs it with popen() (which uses a shell). Guess what happens when the email address has backticks, a semicolon, $(), etc.?
What year is this?
Luckily the attack vector to get there (postjournal) isn't enabled by default, as there are exploitation attempts occurring in the wild:
https://infosec.exchange/@justicerage/113231837285277188
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
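Added example, not part of the post and not Zimbra's code: the defensive counterpart to the popen() pattern described above, in C. It validates the recipient against an allowlist and runs the helper with fork()/execl() so no shell ever parses the address. The function names, the `helper` name and the use of /bin/echo as a stand-in helper are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Pattern the post describes, as a comment only ("helper" is hypothetical):
 *   snprintf(cmd, sizeof cmd, "helper %s", addr);  popen(cmd, "r");      */

/* Allowlist check: 1 if addr uses only a conservative address charset
 * and does not start with '-' (so it cannot be read as an option). */
int rcpt_is_plain(const char *addr) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._+-";
    size_t n = strlen(addr);
    return n > 0 && n < 256 && addr[0] != '-' && strspn(addr, ok) == n;
}

/* No-shell execution: addr travels as exactly one argv element, so shell
 * metacharacters are inert. Captures the helper's stdout into out.
 * Returns the helper's exit status, or -1 on failure. */
int run_helper_no_shell(const char *helper, const char *addr,
                        char *out, size_t outsz) {
    int fd[2], st;
    size_t used = 0; ssize_t r;
    if (outsz == 0 || pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execl(helper, helper, addr, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(fd[1]);
    while (used < outsz - 1 &&
           (r = read(fd[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fd[0]);
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    char out[128];
    const char *addr = "a`b`;$(c)@example.test";  /* constructed sample */
    int rc = run_helper_no_shell("/bin/echo", addr, out, sizeof out);
    printf("plain=%d rc=%d out=%s", rcpt_is_plain(addr), rc, rc == 0 ? out : "\n");
    return 0;
}
```

In practice both layers apply: reject addresses that fail `rcpt_is_plain()` first, and still invoke the helper without a shell.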